Skip navigation

Denial of Service in Cisco IOS - 19 Nov 2004

Reported November 10, 2004, by Cisco


  • Cisco 7200, 7300, 7500 platforms
  • Cisco 2650, 2651, 2650XM, 2651XM Multiservice platform
  • Cisco ONS15530, ONS15540
  • Cisco Catalyst 4000, Sup2plus, Sup3, Sup4, and Sup5 modules
  • Cisco Catalyst 4500, Sup2Plus TS
  • Cisco Catalyst 4948, 2970, 3560, and 3750
  • Cisco Catalyst 6000, Sup2/MSFC2, and Sup720/MSFC3
  • Cisco 7600 Sup2/MSFC2 and Sup720/MSFC3

A Denial of Service (DoS) vulnerability exists in Cisco IOS devices running branches of IOS version 12.2S that have DHCP server or relay agent enabled. Certain crafted DHCP packets might be undeliverable but will remain in the queue instead of being dropped. If so many packets are sent that they equal the size of the input queue, no more traffic will be accepted on that interface, resulting in a DoS condition.

Cisco Systems has released Cisco Security Advisory Cisco IOS DHCP Blocked Interface Denial-of-Service to address this vulnerability.

Discovered by Cisco.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.